fix(debug): live-list check, atomic tarball, e2e per-run name

Signed-off-by: Tinson Lai <tinsonl@nvidia.com>

Author: laitingsheng

src/commands/debug.ts

@@ -61,10 +61,12 @@ function buildDebugCommandDeps(rootDir: string): RunDebugCommandDeps {
 
   const isSandboxKnown = (name: string): boolean => {
     const { sandboxes } = registry.listSandboxes();
-    if (sandboxes.find((sandbox) => sandbox.name === name)) return true;
+    if (!sandboxes.find((sandbox) => sandbox.name === name)) return false;
     const liveList = captureOpenshell(rootDir, ["sandbox", "list"]);
-    if (liveList.status === 0 && parseLiveSandboxNames(liveList.output).has(name)) return true;
-    return false;
+    if (liveList.status === 0 && !parseLiveSandboxNames(liveList.output).has(name)) {
+      return false;
+    }
+    return true;
   };
 
   return {

src/lib/diagnostics/debug-command.test.ts

@@ -82,6 +82,7 @@ describe("debug command", () => {
         },
       ),
     ).toThrow("exit");
+    expect(exit).toHaveBeenCalledWith(1);
     expect(runDebug).not.toHaveBeenCalled();
     expect(errorLines[0]).toContain("ghost");
     expect(errorLines[0]).toContain("NEMOCLAW_SANDBOX_NAME");

src/lib/diagnostics/debug.test.ts

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-import { existsSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { existsSync, mkdtempSync, readFileSync, readdirSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
 import { afterEach, beforeEach, describe, expect, it } from "vitest";
@@ -82,20 +82,27 @@ describe("createTarball", () => {
     expect(process.exitCode).toBe(1);
   });
 
-  it("removes any partial tarball when tar fails", () => {
+  it("leaves pre-existing user output untouched and removes the temp sibling when tar fails", () => {
     tempDir = mkdtempSync(join(tmpdir(), "debug-test-"));
     writeFileSync(join(tempDir, "payload.txt"), "test data");
     outputDir = mkdtempSync(join(tmpdir(), "debug-test-out-"));
     const output = join(outputDir, "partial.tar.gz");
-    // Pre-create a stub file so createTarball can prove it removed a partial.
-    writeFileSync(output, "stub partial tarball");
+    // Pre-existing user file must NOT be clobbered when tar fails.
+    const previous = "pre-existing user content";
+    writeFileSync(output, previous);
     // Removing the source dir forces tar to fail without racing in-progress
     // collection.
     rmSync(tempDir, { recursive: true, force: true });
     const ok = createTarball(tempDir, output);
     expect(ok).toBe(false);
     expect(process.exitCode).toBe(1);
-    expect(existsSync(output)).toBe(false);
+    expect(existsSync(output)).toBe(true);
+    expect(readFileSync(output, "utf-8")).toBe(previous);
+    // No .partial sibling should remain after cleanup.
+    const partials = readdirSync(outputDir).filter(
+      (name) => name.endsWith(".partial") || name.includes(".partial."),
+    );
+    expect(partials).toEqual([]);
   });
 
   it("creates tarball successfully and returns true for valid output path", () => {

src/lib/diagnostics/debug.ts

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { execFileSync, spawnSync } from "node:child_process";
-import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { existsSync, mkdtempSync, readFileSync, renameSync, rmSync, writeFileSync } from "node:fs";
 import { platform, tmpdir } from "node:os";
 import { basename, dirname, join } from "node:path";
 
@@ -508,23 +508,44 @@ function collectKernelMessages(collectDir: string): void {
  * guidance that goes with the generated file.
  */
 export function createTarball(collectDir: string, output: string): boolean {
-  const result = spawnSync("tar", ["czf", output, "-C", dirname(collectDir), basename(collectDir)], {
-    stdio: "inherit",
-    timeout: 60_000,
-  });
+  // Write to a sibling temp path so a tar failure cannot clobber a
+  // pre-existing user file at `output`. Rename atomically on success.
+  const partial = `${output}.partial.${process.pid}`;
+  const result = spawnSync(
+    "tar",
+    ["czf", partial, "-C", dirname(collectDir), basename(collectDir)],
+    {
+      stdio: "inherit",
+      timeout: 60_000,
+    },
+  );
   if (result.status !== 0 || result.signal) {
     const reason = result.signal
       ? `killed by signal ${result.signal}`
       : `exited with code ${result.status ?? "unknown"}`;
     error(`Failed to create tarball at ${output} (tar ${reason})`);
     try {
-      rmSync(output, { force: true });
+      rmSync(partial, { force: true });
     } catch {
       /* best-effort cleanup of partial tarball */
     }
     process.exitCode = 1;
     return false;
   }
+  try {
+    renameSync(partial, output);
+  } catch (err) {
+    error(
+      `Failed to move tarball into place at ${output}: ${err instanceof Error ? err.message : String(err)}`,
+    );
+    try {
+      rmSync(partial, { force: true });
+    } catch {
+      /* best-effort */
+    }
+    process.exitCode = 1;
+    return false;
+  }
   info(`Tarball written to ${output}`);
   warn(
     "Known secrets are auto-redacted, but please review for any remaining sensitive data before sharing.",

test/cli.test.ts

@@ -307,12 +307,14 @@ function createDebugCommandTestEnv(
     }
     fs.writeFileSync(registryPath, JSON.stringify(current), { mode: 0o600 });
   }
+  const registeredNames = [sandboxName, ...(options.extraSandboxNames ?? [])];
+  const listLines = ["NAME", ...registeredNames.map((name) => `${name}      Ready`)];
   fs.writeFileSync(
     path.join(localBin, "openshell"),
     [
       "#!/bin/sh",
       'if [ "$1" = "sandbox" ] && [ "$2" = "list" ]; then',
-      "  echo 'NAME'",
+      ...listLines.map((line) => `  echo ${JSON.stringify(line)}`),
       "  exit 0",
       "fi",
       "echo 'openshell ok'",
@@ -1534,6 +1536,46 @@ describe("CLI dispatch", () => {
     expect(fs.existsSync(tarball)).toBe(false);
   });
 
+  it(
+    "debug --sandbox NAME rejects a stale registry entry missing from the live gateway",
+    testTimeoutOptions(30_000),
+    () => {
+      // Same fixture pattern as createDebugCommandTestEnv but with an openshell
+      // stub whose live list intentionally omits the registry name, mirroring
+      // the bug where the local registry kept a name the gateway no longer
+      // serves.
+      const home = fs.mkdtempSync(path.join(os.tmpdir(), "nemoclaw-cli-debug-stale-"));
+      const localBin = path.join(home, "bin");
+      fs.mkdirSync(localBin, { recursive: true });
+      writeSandboxRegistry(home, "stale-box");
+      fs.writeFileSync(
+        path.join(localBin, "openshell"),
+        [
+          "#!/bin/sh",
+          'if [ "$1" = "sandbox" ] && [ "$2" = "list" ]; then',
+          "  echo 'NAME'",
+          "  exit 0",
+          "fi",
+          "exit 0",
+        ].join("\n"),
+        { mode: 0o755 },
+      );
+      const tarball = path.join(home, "out.tar.gz");
+      const r = runWithEnv(
+        `debug --sandbox stale-box --output ${tarball} 2>&1`,
+        {
+          HOME: home,
+          PATH: `${localBin}:${process.env.PATH || ""}`,
+        },
+        30000,
+      );
+      expect(r.code).not.toBe(0);
+      expect(r.out).toContain("stale-box");
+      expect(r.out).toContain("not registered");
+      expect(fs.existsSync(tarball)).toBe(false);
+    },
+  );
+
   it("debug --sandbox without a name exits 1", () => {
     const r = run("debug --sandbox");
     expect(r.code).not.toBe(0);

test/e2e/test-diagnostics.sh

@@ -314,7 +314,10 @@ test_diag_06_debug_sandbox_validation() {
     fail "TC-DIAG-06: Registered name" "exit=$good_rc, output=${good_log:0:300}"
   fi
 
-  local bad_name="nemoclaw-e2e-does-not-exist"
+  # Unique per-run name avoids collisions when another e2e job leaves a
+  # sandbox with a shared "does-not-exist" placeholder behind.
+  local bad_name
+  bad_name="nemoclaw-e2e-missing-$$-$(date +%s)-${RANDOM}"
   local bad_output="${debug_dir}/unknown.tar.gz"
   local bad_rc=0 bad_log=""
   bad_log=$(${TIMEOUT_CMD:+$TIMEOUT_CMD 30} nemoclaw debug --quick --sandbox "$bad_name" --output "$bad_output" 2>&1) || bad_rc=$?